Cyber Risks

Cyber threats are one of the biggest security risks of the 21st century

The increasing use of new technologies, self-learning machines, cloud computing, digital ecosystems, new communication standards like 5G and our dependence on intelligent devices are all parts of the global digital transformation of businesses and society. In 2017, 27 billion devices around the world were online, but this number is set to increase five-fold to 125 billion by the year 2030.

In virtually every sector, automated processes are delivering greater efficiency and therefore higher productivity. By analysing a wide range of data, businesses also hope to gain new insights into existing and prospective customers, their purchasing behaviour, or the risk that they might represent. This will facilitate a more targeted customer approach. At the same time, greater levels of interconnection are leading to new business models. Examples include successful sharing concepts and online platforms. Opportunities for all industries are auspicious.

New technologies bring new vulnerabilities

Bright lights cast dark shadows: Promising, future-oriented opportunities also entail inherent and sometimes hidden risks. Espionage, sabotage, data theft – losses from cyber attacks cost companies millions and are increasing all the time.

US$ 600bn

In 2018 alone, we estimate the economic damage from cyber attacks at US$ 600bn.

In 2017, we witnessed how vulnerable companies across the world have become as a result of digital networking, when the WannaCry and NotPetya malware attacks caused huge-scale business interruption and production stoppages around the world.

The number of cyber attacks continues to rise – as do the resulting losses. In particular targeted cyber attacks of different types will increase. While phishing and malware via email remain the most common types of attack, ransomware that targets user devices and the cloud can threaten infrastructure, resulting in significant insurance losses. According to estimates from market research institute Cybersecurity Ventures, companies around the world fall victim to such attacks every 14 seconds on average in 2019.

Cyber risks difficult to assess

Cyber risks pose unique challenges for the insurance industry, above all in connection with accumulation risk: a single cyber event can impact many different companies at the same time, as well as leading to business interruption at yet more companies.

How can the market opportunities be exploited, while at the same time managing the new risks? Are cyber risks ultimately uninsurable, as many industry representatives maintain? One thing is certain: there are a number of extreme risks that the insurance industry cannot bear alone. At present, these include network outages that interrupt the electricity supply, or internet and telecommunication connections. Scenarios like these, and the costs that come with them, should be borne jointly by governments and companies, for example in the form of pool solutions.

Cyber as a new type of risk

There are key differences between cyber risks and traditional risks. Historical data such as that applied to calculate future natural hazards, for example, cannot tell us much about future cyber events. Data from more than ten years ago, when there was no such thing as cloud computing and smartphones had not yet taken off, are of little use when assessing risks from today’s technologies. Insurers and reinsurers must be able to recognise and model the constantly evolving risks over the course of these rapid advances in technology. An approach that relies on insurance expertise alone will rapidly reach its limits. Instead, the objective of all participants should be to create as much transparency as possible as regards cyber risks. IT specialists, authorities, and the scientific and research communities can all help to raise awareness of the risks and contribute their expertise for the development of appropriate cyber covers.

Cyber insurance market with strong expected growth: GWP global cyber insurance market

Comprehensive Cyber Solutions from Munich Re

Munich Re has developed its own cyber-ecosystem involving technology companies, IT security providers and start-up companies to develop solutions for cyber risks. This is because the requirements for comprehensive protection are complex, and safeguarding against financial losses is only one component of an overall concept. Accordingly, in consultation with our technology partners, we are developing highly effective, automated prevention services for our clients. These are designed to permanently monitor the client infrastructure, identify risks promptly, and prevent losses.